Webinars

Past Webinars

Last 12 Months

Advanced Endpoint Protection: Full Circle Prevention-Detection-Remediation Based on a Single Agent

April 28, 2:00 pm ET

Hackers are exploiting all potential infiltration points, so it is important to establish your defense structure and your response and remediation strategy from all angles. But with so many solutions out there, where do you start? Viewfinity offers a unified strategy that supports prevention, detection and remediation all based on the architectural integrity of one agent. Our advanced endpoint protection solution:

This webinar will provide a perspective on all aspects of defending endpoints from modern day attacks.

Mike Rothman, Analyst & President of Securosis will set the stage by digging into the technical innovations that are driving advanced endpoint protection. The focus will be on understanding what is essential to protect your endpoints from advanced attacks, which includes solid hygiene and configuration practices, focusing on least privilege to prevent exploitation, more effective detection, working closely with network-based defenses, and finally investigating and remediating the inevitable compromise.

Alex Shoykhet will follow up with information related to how Viewfinity can help before, during and after an attack. Alex will review methods for prevention, detection and remediation and explain how we are able to maintain architectural integrity by enabling endpoint protection from a single agent. He’ll focus on:

Managing privilege elevation after closing down the security loophole related to admin rights

Application Control – more than whitelisting – we’ll show how monitoring and forensics play a more important role

How Hackers Exploit Admin Rights to Access Your Systems

Speaker: Paula Januszkiewicz | February 25, 1:00 p.m. ET

If there is a weakness in your IT security system, wouldn't it be better to find it before someone else does? The best way to do this is to put ourselves into the hacker's role and perform all the activities they would do as well. Of course it requires some very specific knowledge that may be hard to learn when our work focuses more on creating than destroying, but the results will give us a perspective on what other people with bad intentions can see.

Join this 40 minute journey as our speakers uncover the darker side of IT security and propose solutions to close down dangerous security loopholes:

By way of example, learn what hackers attack first when planning to invade your IT infrastructure, including: use of administrative privileges, installing malware tools, and how hashes/tokens are harvested for penetration. Paula will focus on how hackers gained deep access in some of the more recently publicized security breaches, such as gaining the highest level of administrative privilege on computer servers.

Explain the risks related to both least privilege and application control, and why combining them provides the most impressive technical solution for securing endpoints.

Show how administrator rights can be removed and only approved applications will be allowed to run with escalated rights.

You’ll walk away understanding how to close down dangerous security loopholes and add a fortified level of security to protect against sophisticated zero-day attacks, malware, advanced persistent threats and other application-based exploits.

Viewfinity is able to identify the root source of the suspicious behavior including the threat origin, such as URL, who, when, how many endpoints have been targeted and all roots associated with the threat.

The information is utilized in ThreatCloud post-incident reports and security advisement to strengthen firewall enforcement policies to mitigate future risks.

ThreatCloud relays crucial information to endpoints to help accelerate the ability to contain threats; for example, if an application requires elevated privileges, before granting those permissions, the application can be verified with ThreatCloud to ensure its soundness via digital forensic analysis.

Application Control is More Than Whitelisting-It’s Monitoring, Visibility, Protection & Default Deny

Thursday, December 4, 2014 at 2:00pm ET

Application Control technology is more than just whitelisting. Organizations have found significant value via full visibility into server and desktop environments by continuously monitoring and observing application behavior. Attend this webinar and learn about best practices for continuous application control & monitoring. We’ll exploit the power of application control via a logical, step-by-step methodology that covers monitoring, enhanced visibility, protection and then default deny, all without affecting user productivity:

Server monitoring: know, in real time, what changes are being made in your environment, as this is the critical path that invasions will take to get to the heart of your IT operation. What significant changes are being made on servers? Where did an application originate? Is the application rated with a high or low reputation score?

Application Forensics: keep track of applications being installed and run, and who, when, and from where applications and files are introduced onto corporate endpoints. This information can be used in the event of a breach.

Greylisting: these are the applications that are not part of the white or black lists, which can also be run in a restricted "greylist mode." Policies handle these unknown applications, allowing them to be installed and/or run, but privileges are restricted for these applications and they have limited access to resources.

Threat Detection Integration: detect and defuse many attacks by sharing suspicious application activity and network behavior with Palo Alto, FireEye and Check Point for thorough analysis and further remediation.

Trusted Sources and Monitoring as a precursor to establishing the white list: before restrictions are placed, use file history in a “monitoring mode” to identify what applications are actually in use. The monitoring lets you know if these applications require admin rights and can build trusted sources.

Best practices for making this transition as smooth as possible, including identifying who, when, and where admin rights are being utilized within the environment, the automatic detection of applications requiring elevated privileges, automatically creating aggregated policies to handle the majority of needs, and handling future needs/exceptions, as well as management & compliance reporting. Following the presentation, Jason will answer audience questions related to these transitions and best practices.

How Hackers Exploit Admin Rights to Access Your Systems

Speaker: Marcus Murray | August 20 at 11:30 AM EDT

One of the top reasons, if not the number 1 reason, why an attacker can penetrate your environment and cause a security breach is excessive administrative privileges. If you have not removed administrative rights from your IT environment, you’ll want to attend this webinar, during which the methods outlined below will be demonstrated to show how attackers exploit admin rights, manipulate security credentials, and hack into your systems. Marcus Murray is a renowned security expert and leader of the Truesec Security Team, an independent elite team of security consultants operating all over the world. Situations to be explored include:

Client-side exploit targets an endpoint, password hashes/tokens are harvested, and the domain controller is infiltrated, exposing vulnerability to data theft and malware installation

How Pass the Hash is used as an extremely common method hackers employ to use your own systems against you

Following Marcus’ demos on these security vulnerabilities, Alex Shoykhet, VP of Product Management for Viewfinity, will demonstrate how removing admin rights significantly decreases the surface for security breaches. The speakers will summarize these exploits and open the discussion up for questions.

Security Vulnerabilities Associated With Having Local Administrator Privileges

Speaker: Paula Januszkiewicz | August 12 at 2:00 PM EDT

Paula Januszkiewicz, IT Security Auditor, Enterprise Security MVP, trainer (MCT) and Microsoft Security Trusted Advisor, will be conducting a discussion that centers on the security threats that are related to having excess local administrator privileges. The situations to be explored include:

Owned Identity: Grabbing users' Kerberos tickets

Extracting passwords from the operating system: who, where, and how

Pass-the-hash scenario where excessive admin rights are exploited to steal the credentials of an admin

After Paula's discussion, Alex Shoykhet, Viewfinity's VP of Product Management, will demonstrate how Viewfinity supports the principle of least privilege rights. He'll discuss how removing admin rights from users and managing privileges at a granular application level reduces the attack surface and helps to stop hackers in their tracks from using local administrative privileges as a back door to stealing credentials via pass-the-hash invasions.

Saving Time and Resources Managing Administrator Rights

Speaker: John Pescatore | July 22 at 1:00 PM EDT

In this WhatWorks analysis, John Pescatore examines a use case where end users had local administrative rights on their PCs and it had gotten out of hand for this Fortune 500 Energy and Utilities company. The compelling event that prompted the company to reexamine this situation was the migration to Windows 7. In Windows XP, a custom tool that allowed users one of three levels of administrative rights to their workstations would need to be replaced during the Windows 7 deployment. The workstation Architect spearheaded a search for a Privilege Management product.

The Viewfinity solution he found allowed him to implement a process-based whitelist that supports a variety of more than 3,000 applications installed for business use and significantly decreased the manpower required to support user installation and privilege elevation requests. Local administrative rights have been removed and any user needs requiring administrative rights are handled automatically using the Viewfinity software ensuring we are always operating in a least risk environment.

Customer Use Case Review: Tullow Oil

July 16, 2014 at 9:30 am ET

Tullow Oil is a leading independent oil and gas, exploration and production group and is quoted on the London, Ghana and Irish Stock Exchanges (symbol: TLW.L). Headquartered in London, it is one of the largest independent oil and gas exploration and production companies in Europe with a focused portfolio of world-class assets. Tullow has interests in over 100 production and exploration licenses in 22 countries which are managed as three regional business units: West & North Africa, South & East Africa and Europe, South America and Asia.

The Challenge:
The company's network includes 2300 desktops running more than 300 applications including 35 custom applications. There are also ~40 remote locations with hundreds of people travelling around the world on a daily basis. Providing administrator level rights across the machine enabled users to easily engage in tasks which could threaten the performance of the machine, open doors to infection or probing of the Tullow network and other unintended consequences.

Tullow Oil now has the ability to apply elevated permissions on a per application or per service basis. We'll explain how this increases IT's ability to maintain a standard desktop/laptop build globally, reducing pressure on our local IT teams to offer machine admin permissions and increase our overall network security.

Emerging Security Trends with John Pescatore

Speaker: John Pescatore | June 10 at 3:00 PM EDT

Overview

Threats are advancing constantly and users are demanding to use more devices and more cloud services. John Pescatore will give a data-driven presentation on the recent and future trends in advanced threats, and highlight the evolution (and some revolution) needed in security processes, architecture, and technology in order to protect the business in 2014 and beyond. The discussion will use the Critical Security Controls as the foundation of an approach to security that can deter more attacks, detect more quickly the ones that do get through and minimize the damage of attacks that go undetected.

Speaker Bio

John Pescatore

John Pescatore joined SANS in January 2013, with 35 years of experience in computer, network and information security. He was Gartner's lead security analyst for more than 13 years, working with global 5000 corporations, government agencies and major technology and service providers. In 2008, he was named one of the top 15 most influential people in security and has testified before Congress on cybersecurity. Prior to joining Gartner Inc. in 1999, John was senior consultant for Entrust Technologies and Trusted Information Systems. Prior to that, he spent 11 years with GTE developing secure computing and telecommunications systems. In 1985, he won a GTE-wide Warner Technical Achievement award. Mr. Pescatore began his career at the National Security Agency, where he designed secure voice systems, and the United States Secret Service, where he developed secure communications and surveillance systems--and the occasional ballistic armor installation. He holds a bachelor's degree in electrical engineering from the University of Connecticut and is an NSA-certified cryptologic engineer. He is an Extra class amateur radio operator, callsign K3TN.

Saving Time and Resources Managing Administrator Rights with a Process-based Whitelist Model

Speaker: John Pescatore | June 05 at 1:00 PM EDT

In this WhatWorks analysis, John Pescatore examines a use case where end users had local administrative rights on their PCs and it had gotten out of hand for this Fortune 500 Energy and Utilities company. The compelling event that prompted the company to reexamine this situation was the migration to Windows 7. In Windows XP, a custom tool that allowed users one of three levels of administrative rights to their workstations would need to be replaced during the Windows 7 deployment. The workstation Architect spearheaded a search for a Privilege Management product. The Viewfinity solution he found allowed him to implement a process-based whitelist that supports a variety of more than 3,000 applications installed for business use and significantly decreased the manpower required to support user installation and privilege elevation requests. Local administrative rights have been removed and any user needs requiring administrative rights are handled automatically using the Viewfinity software ensuring we are always operating in a least risk environment.

The user in this case study served as the Workstation Architect for his company. In his role, he was responsible for all aspects of the project to migrate the company from Windows XP to Windows 7. This included leading the teams that gathered requirements, designed solutions and implemented the project corporate wide. Other responsibilities included oversight of the solutions for software packaging and delivery and the Citrix environment.

Defend Against Breaches with CA and Viewfinity: Privileged Identity Management and Least Privilege Application Control

May 21, 2014 at 1:00 pm EDT

Security breaches are driving the need to manage and audit privileged user accounts, all the way from the “gate-keeper” via password management control, through to the specific privileges and application access via least privilege management principles.

When CA ControlMinder is used in combination with Viewfinity’s Privilege Management and Application Control solutions, the proven technologies together reduce the risks associated with privileged identities. CA ControlMinder protects servers by enabling organizations to enforce accountability for their administrators and prevent password theft and sharing. Viewfinity provides fully automated application control features and administrative privilege capabilities. Jointly, enterprises benefit from a comprehensive solution available for tracking and auditing all privileged and administrative activities, passwords and elevated privilege policies across an organization's entire infrastructure. The solution spans Windows-based endpoints, to UNIX, Linux and Windows servers, hypervisors, virtual machines, remote-based endpoints and other systems within the organization.

In this joint webinar, we will show how the two products work together to protect companies who require fully automated password management and privileged account auditing along with application monitoring, whitelisting and elevation of privileges for specific applications and tasks in a least privilege environment.

Eliminating Admin Rights - Learn From Your Peers via Actual Use Cases

April 24, 2014 at 2:00 PM EDT

Certain Windows applications and desktop functions require local administrative privileges in order to run and function properly on a desktop or laptop. But granting full admin rights creates a less secure environment and opens the door for malicious hackers and viruses. During this webcast, three use case scenarios will be presented by IT professionals who will share how they approached their projects to eliminate admin rights. They will walk through their research, solution and results.

Attendees will 1) learn how to resolve the administrative privileges problem without jeopardizing your network; 2) learn how to automatically control user rights for applications and systems which require elevated permissions; 3) be shown a brief demonstration of the solution they put in place to manage admin rights.